Lizard Squad is alive and continuing activities as BigBotPein: Report

According to researchers, evidence suggests Lizard Squad is alive and well, continuing their malicious activities under the guise of BigBotPein.

ZingBox researchers have strong evidence that the BigBotPein group is the new name under which Lizard Squad is discreetly carrying out its cybercriminal activities, and that Lizard Squad has a close connection with the Mirai malware. This connects Lizard Squad and Mirai (an already known link) to the series of DDoS (distributed denial of service) attacks that caused widespread destruction in 2017.

BigBotPein Is Lizard Squad

The co-founder and CEO of ZingBox, Xu Zou stated: “Despite the courageous efforts of our law enforcement agencies to identify and tear down various hacking groups, the collaboration between groups makes it extremely difficult to completely shut down their efforts for good. Arrests of high-profile members and founders of such groups certainly slow down their momentum, but organizations can’t take their foot off the gas when it comes to being vigilant about the security of their network.”

Lizard Squad is known for some of the most disturbing and far-reaching DDoS attacks in the history of digital crime. The group is responsible for successfully disrupting the networks of Sony PlayStation, Xbox Live, and Blizzard’s Warcraft. Over the years, various individuals alleged to have used the LizardStresser DDoS-for-hire service offered by Lizard Squad have ended up being arrested.

Mirai, Lizard Squad, And BigBotPein

Mirai, on the other hand, came to light only about a year and a half ago, making headlines in mid-2016 after a massive botnet built from it attacked the hosting provider OVH, security journalist Brian Krebs’ blog, and Dyn’s DNS infrastructure. It must be noted that the source code of the Mirai malware was leaked online merely weeks after these DDoS attacks were launched, and that Brian Krebs’ blog was probably targeted because the journalist had severely criticized Lizard Squad and linked the group with Mirai.

Lizard Squad’s timeline (Source: ZingBox)

According to the information acquired by ZingBox researchers, Lizard Squad hackers and Mirai are linked, and the fact that Lizard Squad and Mirai both used the same Ukrainian hosting service, Blazingfast, further reinforces this. Moreover, it is also worth considering that the source code of the Mirai malware was released exactly 9 days after Zachary Buchta, the founder of Lizard Squad, was arrested.

Researchers were able to single out BigBotPein as connected to Lizard Squad after analyzing a domain associated with another Mirai-based campaign launched in late 2017; this domain was registered in the name of a person linked with Lizard Squad. BigBotPein came to the limelight for supporting Buchta after he was arrested, and the group chose Mirai as its key Internet of Things weapon to target a variety of architectures, including x86, x64, ARC, MIPS, ARM, SPARC, and SuperH.

Adding Ethereum And Monero Miners To Its Malware

Furthermore, the report suggests that the group has added Ethereum and Monero miners to its malware portfolio and has managed to improve its social engineering skills to a great extent over time. In October 2017, researchers identified a Mirai-based campaign that used the domain bigbotpein[.]com, while the Mirai authors were known for using blazingfact[.]io to control their botnets.